NS 100-HQ-NAT-> get conf 
"Total Config size 6229: 
set url server 0.0.0.0 15868 10 

set url message "NetScreen and NetPartners WebSENSE have been set to block this site." 

set url msg-type 1 

set url config disable 

set auth type 0 

set auth timeout 20 

set admin name admin 

set admin password admin 

set admin sys-ip 0.0.0.0 

set interface trust bandwidth 10000 

set interface untrust bandwidth 10000 

setinterf^ 

|efmlrfecl!ruWip49}l 72;209.10 255.i^5£Q 
se^nterfacemntostjp^8.1^4 2J;26|255 §5525&324 

set interface trust phy half lOmb 
set interface untrust phy half lOmb 
set interface trust ping 
set interface untrust ping 
set interface dmz ping 
set interface trust mng 
set interface untrust mng 
■^et interface trust gateway 149.172.209.1 

:= ?set flow tcp-mss 


; = .set hostname NS100-HQ-NAT 


;|et address trust "PONG" 149.172.204.111 255.255.255.255 "pong.ikos.com" 
-;4et address dmz "Starfish" 149.172.208.88 255.255.255.255 "Rich Haney's Web Server" 
ftet address dmz "si" 149.172.208.100 255.255.255.255 "IKOS Public Web Server" 
-ftet address dmz "DMZ Subnet" 149.172.208.0 255.255.255.0 
:= set service "RSH" protocol tcp src-port 0-1023 dst-port 514-514 group "remote" 
Llset syn-alarm 1024 
SJset syn-qsize 10240 
Uiiset syn-timeout 20 
l^jset syn-threshold 200 
^set firewall tear-drop 
^set firewall syn-attack 
'- 'unset firewall ip-spoofing 
set firewall ping-of-death 
set firewall src-route 
set firewall land 
set firewall icmp-flood 
set firewall udp-flood 
set firewall winnuke 
set firewall port-scan 
set firewall adr-sweep 
set firewall default-deny 

set syslog config 149.172.200.202 auth/sec auth/sec warn 

set syslog enable . . . . . 

seTvpn "HQ- UK" manual 4444 5555 gateway 1 95. 1 4.7 1 .226 esp 3des password letmein auth md5 password letmein 

set mip 208.184.121.27 host 149.172.208.88 netmask 255.255.255.255 

set mip 208.184.121.28 host 149.172.208.100 netmask 255.255.255.255 

set policy todmz "Inside Any" "DMZ Any" "ANY" Permit log count 

set policy fromdmz "DMZ Any" "Inside Any" "ANY" Permit log count 

set policy fromdmz "DMZ Any" "MIP(208. 1 84. 1 21 .27)" "ANY" Permit log 

set policy incoming "Outside Any" "MIP(208.184.121.27)" "ANY" Permit log count 

set policy incoming "Outside Any" "MIP(208.184.121.28)" "ANY" Permit lo g count 

sjUMlicy outgoing "Inside Any" "UK" "ANY" Encrypt vpn-tunnel "HQ-UK" 

set policy todmz "Outside Any" "DMZ Any" "DNS" Permit log count 


set policy todmz "Outside Any" "DMZ A^^FTP" Permit log count 

set policy todmz "Outside Any" "DMZ Any" "HTTP" Permit log count 

set policy todmz "Outside Any" "DMZ Any" "HTTPS" Permit log count 

set policy todmz "Outside Any" "DMZ Any" "POP3" Permit log count 

set policy todmz "Outside Any" "DMZ Any" "MAIL" Permit log count 

set policy todmz "Outside Any" "DMZ Any" "PING" Permit log count 

set policy outgoing "Inside Any" "MIP(208.184.121.27)" "ANY" Permit log 

set policy outgoing "Inside Any" "MIP(208. 184. 121.28)" "ANY" Permit log 

set policy outgoing "Inside Any" "Outside Any" "ANY" Permit log 

set policy fromdmz "DMZ Any" "MIP(208.184.121.28)" "ANY" Permit log 

set policy fromdmz "DMZ Any" "Outside Any" "ANY" Permit log count 

set route 149.172.45.0 255.255.255.0 interface trust gateway 149.172.209.1 metric 1 

set route 149.172.204.0 255.255.255.0 interface trust gateway 149.172.209.1 metric 1 

set route 149.172.200.0 255.255.255.0 interface trust gateway 149.172.209.1 metric 1 

set route 149.172.202.0 255.255.255.0 interface trust gateway 149.172.209.1 metric 1 

set route 149.172.206.0 255.255.255.0 interface trust gateway 149.172.209.1 metric 1 

set route 149.172.201.0 255.255.255.0 interface trust gateway 149.172.209.1 metric 1 

set route 149.172.215.0 255.255.255.0 interface trust gateway 149.172.209.1 metric 1 

set route 149.172.155.0 255.255.255.0 interface trust gateway 149.172.209.1 metric 1 

set route 149.172.145.0 255.255.255.0 interface trust gateway 149.172.209.1 metric 1 

set route 149.172.205.0 255.255.255.0 interface trust gateway 149.172.209.1 metric 1 

set route 149.172.170.0 255.255.255.0 interface trust gateway 149.172.209.1 metric 1 

NS100-HQ-NAT-> 

'*J 
. !=: 

•:n 



IKOS-UK-> get conf 
'Total Configsize 1390: 
set url server 0.0.0.0 15868 10 

set url message "NetScreen and NetPartners WebSENSE have been set to block this site." 

set url msg-type 1 

set url config disable 

set auth type 0 

set auth timeout 20 

set clock ntp 

set admin format dos 

set admin name admin 

set admin password admin 

set admin sys-ip 0.0.0.0 

set admin mail alert 

set admin mail server-ip 149.172.200.202 
set admin mail mail-addrl mark@ikos.com 
set admin mail mail-addr2jj@ikos.com 

sjstjad^^ _ 

set interface trust ping 

set interface untrust ping 

set interface dmz ping 
£!set interface trust mng 
:.j!£et interface untrust mng 

L,iset hostname IKOS-UK 
! j jset ntp server 149. 1 72.204. 1 1 1 
^set ntp zone 5 


'^set syn-threshold 200 
: * = set firewall tear-drop 
;i w set firewall syn-attack 
£3 unset firewall ip-spoofing 
'*=lset firewall ping-of-death 
M=set firewall src-route 
Q set firewall land 
£1 set firewall icmp-flood 
r^g set firewall udp-flood 
* ~ set firewall winnuke 

set firewall port-scan 

set firewall adr-sweep 

set firewall default-den y _^ 

set vpn "HQ-UK" roamiaFssss 4444 gateway 208. 1 84.1 21. 26 esp 3des password jtoi^i^^ password letmein 

Wtpojicy outgoing "Inside Any" "HQ-UK" "ANY" Encrypt vpn-tunnel "HQ-UK" ; 

set policy outgoing "Inside Any" "Outside Any" "ANY" Permit 

set syslog config 149.172.200.202 auth/sec auth/sec warn 

set syslog enable 

IKOS-UK-> 


PRCC-IKOS-Tl#sh conf 
Using 2095 out of 29688 bytes 
I 

version 11.3 

service timestamps debug uptime 
service timestamps log uptime 
service password-encryption 

j 

hostname PRCC-IKOS-T1 
I 

boot system flash l:c2600-d-mz.l 13-6.T.bin 
enable password 7 08324D401D18 

ip subnet-zero 

ip domain-list ikos.com 

ip domain-list pacificresources.com 

ip domain-name ikos.com 

ip name-server 149.172.208.100 

! 


0! 


interface EthernetO/0 

P? ip address 208.184.121.25 255.255.255,224 

;^ ip broadcast-address 208.184.121.31 

m ip mask-reply 

M no ip directed-broadcast 

J= no ip mroute-cache 

:S ! 

^interface SerialO/0 

Si ip address 149.172.36.20 255.255.255.0 

ip broadcast-address 149.172.36.255 
y ip mask-reply 

no ip directed-broadcast 

no ip mroute-cache 

no fair-queue 

I 

interface EthernetO/1 

ip address 149.172.209.1 255.255.255.0 

ip broadcast-address 149.172.209.255 

ip mask-reply 

no ip directed-broadcast 

no ip mroute-cache 

t 

ip default-gateway 208. 1 84. 1 2 1 . 1 
no ip classless 

ip route 0.0.0.0 0.0.0.0 EthernetO/O 208. 1 84. 1 2 1 . 1 

ip route 149.172.0.0 255.255.0.0 SerialO/0 149.172.36.1 2 

ip route 149.172.36.0 255.255.255.0 SerialO/0 

ip route 149. 172. 145.0 255.255.255.0 EthernetO/1 149.172.209.10 2 

ip route 149.172.195.0 255.255.255.0 EthernetO/1 149.172.209.10 2 

ip route 149.172.204.0 255.255.255.0 SerialO/0 149.172.36.1 


ip'route 149.172.208.0 255.255.2^Ethernet0/l 149.172.209.10 
*ip route 149.172.209.0 255.255.255.0 Ethernet0/1 

ip route 149.172.210.0 255.255.255.0 Ethernet0/1 149.172.209.10 2 

ip route 149.172.212.0 255.255.255.0 Ethernet0/1 149.172.209.10 2 

ip route 149.172.220.0 255.255.255.0 Ethernet0/1 149.172.209.10 2 

ip route 149.172.225.0 255.255.255.0 Ethernet0/1 149.172.209.10 2 

ip route 149.172.235.0 255.255.255.0 Ethernet0/1 149.172.209.10 2 

ip route 149.172.240.0 255.255.255.0 Ethernet0/1 149.172.209.10 2 

ip route 149.172.245.0 255.255.255.0 Ethernet0/1 149.172.209.10 2 
ip route 208.184.121.0 255.255.255.224 Ethernet0/0 
I 

no logging console 

snmp-server community ikospub RO 

snmp-server community ikospriv RW 

i 

line con 0 

exec-timeout 0 0 

line aux 0 

line vty 0 4 

exec-timeout 20 0 
O password 7 000A 160300090509 
! =B login 

iio scheduler allocate 

:i =end 


□ 




II<fOS-UK#sh conf 
4 Using 972 out of 32762 bytes 


version 12.0 

service timestamps debug uptime 
service timestamps log uptime 
no service password-encryption 
service udp-small-servers 
service tcp-small-servers 


hostname IKOS-UK 


no logging buffered 
enable password uk-47587 


ip subnet- zero 

ip domain-name ikos.com 

ip name-server 149.172.204.101 

ip name-server 149.172.208.100 

clock timezonc est -11 

clock summer-time edt recurring 


Jlinterface EthernetO 

jlip address 195.14.71.225 255.255.255.248 
flip broadcast-address 195.14.71.239 
L,i ip directed-broadcast 


IK bandwidth 384 
'% no ip address 

ip directed-broadcast 
_ encapsulation ppp 
! =:= shutdown 

h, 4\ 


i='= interface Serial 1 
Q bandwidth 384 

ip address 195.14.66.98 255.255.255.252 


ip classless 

ip route 0.0.0.0 0.0.0.0 Serial 1 


snmp-server community public RO 


line con 0 
exec-timeout 0 0 
transport input none 
line aux 0 
transport input all 
line vty 0 4 
exec -timeout 20 0 
password intl2getin 
login 


^interface SerialO 


i"=k ip directed-broadcast 


ntp clock-period 17179866 


end 


